CVE-2018-16868

EPSS 0.04%
Veröffentlicht 03.12.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:53:29
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Gnutls Version <= 3.6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.6	0.4	4.7	CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
nvd@nist.gov	3.3	3.4	4.9	AV:L/AC:M/Au:N/C:P/I:P/A:N
secalert@redhat.com	4.7	0.3	4	CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

http://cat.eyalro.net/

Third Party Advisory

Technical Description

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html

Third Party Advisory

Broken Link

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html

Third Party Advisory

Broken Link

Mailing List

http://www.securityfocus.com/bid/106080